Hello there,
For failover setup, do we need turn on interface on the secondary unit with no shutdown command?
Here is example from my home work, is there any thing needed to be fixed? any suggestion?
TIA.
Primary Unit Configuration
--------------------------
hostname pixfirewall enable password myenablepassword password mypassword interface GigabitEthernet0/0 security 0 nameif outside ip address 109.23.18.2 255.255.255.0 standby
109.23.18.3 no shutdown interface GigabitEthernet0/1 security 100 nameif inside ip address 10.10.10.1 255.255.192.0 standby 10.10.10.2 no shutdown interface GigabitEthernet0/2 security 40 description LAN Failover Interface no shutdown interface GigabitEthernet0/3 security 50 no shutdown description STATE Failover Interfacetelnet 10.10.10.0 255.255.255.0 inside
access-list acl_out permit tcp any host 109.23.18.31 eq 80 failover failover lan unit primary failover lan interface failover GigabitEthernet0/2 ! failover lan enable ! The failover lan enable command is required on the PIX security appliance only. failover polltime unit msec 200 holdtime msec 800 failover key key1 failover link state GigabitEthernet0/3 failover interface ip failover 192.168.254.1
255.255.255.0 standby 192.168.254.2 failover interface ip state 192.168.253.1 255.255.255.0 standby 192.168.253.2 failover mac address GigabitEthernet 0/0 active_Mac Standby_Mac failover mac address GigabitEthernet 0/1 active_Mac Standby_Mac failover replication httpglobal (outside) 1 109.23.18.5 netmask 255.255.255.0 nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) 109.23.18.31 10.10.10.31 netmask 255.255.255.255 0 0 access-group acl_out in interface outside route outside 0.0.0.0 0.0.0.0 109.23.18.1 1
Example 8: Secondary Unit Configuration failover failover lan unit secondary failover lan interface failover GigabitEthernet0/2 !failover lan enable ! The failover lan enable command is required on the PIX security appliance only. failover key key1 failover interface ip failover 192.168.254.1
255.255.255.0 standby 192.168.254.2